Virtualization Technology News and Information
Who Guards Cloud: Major Cloud Computing Risks and How to Protect It
The moment when organizations move all or part of their business in the cloud, there rises an inevitable question of security. Will the security of the website get compromised? Will hosting the application data in the cloud invite more security threats? Can we survive a cyberattack? What will be repercussions of a cyberattack? The solution to all these questions is nothing but cloud security. With the advent of bring your own cloud (BYOC) and widespread adoption of cloud, companies are experiencing an overwhelming amount of data breaches. The major reason behind such cyber threats is human error or in other terms inappropriate steps taken to secure data in the cloud.

With a scalable and flexible network solution, the cloud provides limitless opportunities for the company's growth, however, it also invites challenges. As the presence of cloud grows, the websites need to be ready with a defensive plant to deal with cyberattacks against web infrastructure such as a distributed denial of service (DDoS). Cloud security offers multiple levels of controls within the infrastructure to provide protection and continuity for cloud-based applications. According to Allied Market Research, the global cloud security market is estimated to reach $8.9 billion by 2020 and is expected to register a significant CAGR by 2025. Cloud security encompasses a set of policies and controls that cater to the security aspects of cloud by protection applications and infrastructure.

According to a survey of Ponemon Institute that included more than 400 IT and security leaders, several responders didn't have a clear idea of how pervasive the issue of BYOC is for their organization. What's more, many were unaware regarding what applications and cloud services work their employees use and even more threatening, they were clueless about what information is exposed and with whom it is being shared. Here are some of the major risks linked with the cloud that you should know about and what measures you should take to prevent alarming cyberattacks.   

1.       Theft or loss of intellectual property

Enterprises increasingly store sensitive data in the cloud including intellectual properties. When a cloud service is breached, cybercriminals could gain unopposed access to such data, which would pose a risk of losing the ownership of the data.

2.       Compliance violation

Majority of the companies operate under several regulatory control of their information. For instance, HIPAA for private health information or FERPA for confidential student records. Under such compliance, companies must know where data is located and who has access along with how it can be protected. Adoption of bring your own device (BYOD) often violates such regulations, putting the organization in serious repercussions. Recently, a cloud company, Fugue, unveiled its Software as a service (SaaS) product called Cloud Security Posture Management (CSPM), through the Microsoft Azure cloud computing service. The product is designed to help organizations maintain their infrastructure's security and compliance posture across the cloud. Moreover, it detects drift from the baseline so that the company can understand potential security and compliance issues.

3.       Inability to control user actions

When organizations are uninformed regarding employees using cloud services, those workers could do anything of the company's private information without any clues to trace. For instance, a salesperson can download customer contacts before resigning in a private cloud and use the information after getting employment at a competitor's firm. This week, Symantec, announced various improvements to bolster its approach to secure access in the cloud. The cloud access security solution is designed to address security issues in the cloud, in email, as well as on the web. According to Symantec, the aim is to provide users integrated solutions that enforce zero trust security policies across all cloud-based platforms.

4.       Malware infection

Cloud services can be used as a tool for data exfiltration. Researchers at Skyhigh recently uncovered how attackers encode sensitive data into video files and upload them on YouTube. Moreover, experts have detected malware that exfiltrates conferential data via private accounts on Twitter, 140 characters at a time. The University of Texas at San Antonio (UTSA) recently launched Galahad, an open-source user computer environment (UCE) for the Amazon Cloud to protect desktop applications running on digital platforms from the threats of malware. The technology leverages nested virtualization, layered sensing and logging to mitigate cloud threats. This allows customers to host their applications securely in the cloud avoiding the attacks of malware. Moreover, Galahad could integrate machine learning to develop unique user profiles that immediately help detect malicious activities including malware attacks with the help of role-based isolation and real-time sensors. Such determination is based on log events and customer action at application and hypervisor level.

Overall, defending a company's integrity and data security is the toughest job in today's time and age, with new technologies emerging every day that could be used against the company. Thus, incorporating cloud security is a must-have if at all companies want to prevent cyber attacks and data breaches. As the cloud is here to stay, companies must learn how to balance risks associated with it and countless benefits it brings.


About the Author

Swamini Kulkarni 

Swamini Kulkarni holds a bachelor's degree in Instrumentation and control engineering from Pune University, and works as a content writer. She is deeply fascinated by the impact of technology on human life, and loves to talk about science and mythology. When she is not glued to the computer, she loves to read, travel, and spend time thinking how she could read and travel more often.

Published Friday, August 23, 2019 7:28 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<August 2019>